Categories

Categories

Whitelisting Office 365 Email Gateway

Yariv Hazony
Last Updated: 2 weeks ago

Why Whitelist in Office 365?

Whitelisting Dcoya is essential in order to ensure emails are successfully delivered to recipients inbox, instead of being incorrectly classified as spam or phishing all during the usage in the platform.

The whitelisting is also intended to ensure that the links within the emails are not scanned by detection engines, which could result in false positives.

Note

To ensure correct email sending and prevent any false positive bot clicks on the links attached to the emails, it is essential to follow all the steps outlined below.                

Excluding DCOYA from 365 Email ATP Gateway Using Email Header and IP Whitelisting

Introduction

Email header whitelisting is a valuable method to ensure that emails sent by the Dcoya platform are not inspected by the Microsoft 365 Email ATP (Advanced Threat Protection) gateway. This document provides step-by-step instructions for administrators on how to configure a mail flow rule that bypasses ATP link processing based on email headers. This action is recommended if you have a mail filter in place in front of your mail server.

Instructions for Excluding Dcoya Platform Using Email Header Whitelisting

1.  Navigate to the following URL: https://admin.exchange.microsoft.com/#/transportrules.

2.  Click on "Create a new rule" and provide a name for the rule. For example, you can name it "Bypass ATP Links," although you can choose any name that suits your preferences.

3. In the "Apply this rule if" condition, select "The message headers" and then choose "includes any of these words."

4. In the "Enter text" field, type the header name as "X-Dcoya-Identification."

5. In the "Enter words" field, type the custom guide that will provide you by Dcoya Managed Service.

6. In the "Do the following" condition, select "Modify the message properties" and then choose "Set a message header."

7. Click on the first "Enter text..." link and set the message header to "X-MS-Exchange-Organization-SkipSafeLinksProcessing."

8. Click on the second "Enter text..." link and set the value to "1."

9. Ensure that your configuration matches the steps outlined above.

10. Confirm the settings and “Save” the rule.

Instructions for Excluding Dcoya Platform Using Dcoya IP address Whitelisting

1. Navigate to the following URL: https://admin.exchange.microsoft.com/#/transportrules.

2. Click on "Create a new rule" and provide a name for the rule. For example, you can name it "Bypass ATP Links," although you can choose any name that suits your preferences.

3. Click on "Apply this rule if → The sender → IP address is in any of these ranges or exactly matches. In the designated field, input the IP addresses one by one from the provided list.

a.  Add the IP address provided by Dcoya Managed Services.

b.  Remember to click "Save" after entering each IP address.

4. Click on "Do the following → Modify the message properties → Set a Message Header."

5. Enter Header Values: Choose the "Enter text" buttons adjacent to the "Do the following" field. Enter the following values: enter the custom guid that will be provided by Dcoya Managed Services and then enter "true."

6. Click on the second "Enter text..." link and set the value to "1."

7. Ensure that your configuration matches the steps outlined above.

8. Confirm the settings and “Save” the rule.

Whitelisting Dcoya Using Advanced Delivery Policies in Microsoft Defender for Office 365

Introduction

Whitelisting the Dcoya platform is a crucial step to ensure that emails from this platform are trusted and not subjected to strict security checks in Microsoft Defender for Office 365. This document provides a comprehensive guide for administrators on how to whitelist Dcoya using Advanced Delivery Policies in the Microsoft 365 Defender portal.

Step-by-Step Guide to Whitelisting Dcoya Platform

1.  Open your web browser and navigate to the Microsoft 365 Defender portal at https://security.microsoft.com.

2.  In the left-hand menu, click on "Email & Collaboration."

3.  Access Threat Policies and Advanced Delivery:

a.  Under "Policies & Rules," select "Threat policies."

b.  In the "Rules" section, click on "Advanced delivery."

4. Within the Advanced Delivery menu, locate and click on the "Phishing simulation" tab.

5. Click the "Edit" button to open the Edit third-party phishing simulation menu.

6. Configure the Following Settings:

a.  Domain: Insert the phishing (sending) domains specified in the articles referencing sending domains.

b.  Sending IP: Input the IP addresses provided by Dcoya Managed Services.

c. Simulation URLs to Allow: Include the landing page domains provided by Dcoya Managed Services.

7. Save Your Configuration:

a.  If this is a first-time addition, click "Add," and then click "Close."

b.  If you are editing existing values, click "Save," and then click "Close."

Optional

Whitelist Connection Filter Policy

The Office 365 Exchange Connection Filter is responsible for distinguishing between trusted and untrusted email sources based on their IP addresses. To allow all emails from Dcoya platform IP addresses (e.g., Dcoya IP addresses) to be received without interruption, follow these steps:

1. Log in to your Office 365 Admin Center using your administrator credentials.

2. In the left-hand navigation pane, click on "Admin centers" and select "Polices & Rules."

3. Within the “Polices & Rules”, navigate to the " Threat policies" tab on the left.

4. In the “Threat polices” screen select “Anti-spam policies”

5. Locate and select the "Connection filter" option.

6. Click on the pencil icon or "Edit" to modify your existing connection filter policy or create a new one if necessary. (If you cannot locate the pencil icon, simply click on the right side of the "Connection filter policy (Default)" row.)

7. In the "Edit connection filter policy" window, find the "Allowed IP addresses" or "Allowed IP ranges" section.

8. Add Dcoya platform's IP addresses or IP ranges to the list. Make sure to include all relevant IP addresses to ensure comprehensive whitelisting.  

9. Save your changes by clicking "Save" or "Apply."

Whitelisting Spam Filtering for Dcoya Phishing Simulation Emails

All mail systems include built-in spam filtering mechanisms to protect users from unsolicited and potentially harmful emails. Given that Dcoya Phishing Simulation emails are inherently designed for phishing simulations, it becomes imperative to whitelist them within the Microsoft spam filter. The following steps provide a clear guide on how to disable all spam checks for Dcoya Phishing Simulation emails, ensuring that you do not encounter issues related to email open and click rates, even if users do not interact with them as expected.

Steps to Whitelist Spam Filtering

To whitelist spam filtering for Dcoya Phishing Simulation emails, follow these steps:

1.  Visit the following URL to access the Exchange Admin Center for Microsoft: https://admin.exchange.microsoft.com/#/transportrules.

2.   On the Exchange Admin Center page, locate and click on the plus sign icon (➕) to create a new rule.

3. Provide a meaningful name for the rule, such as "Dcoya Spam Filtering."

4. Click on "Apply this rule if → The sender → IP address is in any of these ranges or exactly matches."

5. Specify IP Addresses: In the designated field, input the IP addresses one by one from the provided list.

a.  Add the IP address provided by Dcoya Managed Services.

b.  Remember to click "Save" after entering each IP address.

6. Modify Message Properties: Click on "Do the following → Modify the message properties → Set a Message Header."

7. Enter Header Values: Choose the "Enter text" buttons adjacent to the "Do the following" field. Enter the following values: enter the custom guid that will be provided by Dcoya Managed Services and then enter "true."

8. Now, add another rule by clicking the "+" sign to add another rule condition.

9. Set Spam Confidence Level (SCL): choose "Modify the message properties → Set the spam confidence level (SCL) to..." and select "Bypass Spam Filtering."

a. This action sets the SCL value to -1, effectively bypassing spam filtering.

10. Click on the "Next" button to continue.

11. Leave the "Set Rule" settings as they are.

12. Click on the "Next" button to continue.

13. Verify Rule Settings:

a. Ensure that the rule is enabled.

b. Set the priority of the rule to 0.

14. Select the “Finish” button

Was this article helpful?

Recent Articles